Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Code function: 1_2_00A848A0 Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW, |
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Code function: 1_2_00A87DB0 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Code function: 1_2_00A85D80 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW, |
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Code function: 1_2_00A87C60 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Code function: 1_2_00A85750 VirtualAlloc,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenA,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree, |
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Code function: 1_2_00A86000 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, |
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Code function: 1_2_00A85540 VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenW,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree, |
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Code function: 1_2_00A85050 lstrlenA,VirtualAlloc,VirtualAlloc,CryptStringToBinaryA,_memset,lstrlenA,lstrlenA,VirtualAlloc,CryptStringToBinaryA,VirtualAlloc,MultiByteToWideChar,GetLastError,VirtualAlloc,VirtualFree,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError, |
Source: C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe |
Code function: 11_2_00D748A0 Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW, |
Source: C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe |
Code function: 11_2_00D75D80 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW, |
Source: C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe |
Code function: 11_2_00D77DB0 VirtualAlloc,CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe |
Code function: 11_2_00D75750 VirtualAlloc,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenA,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe |
Code function: 11_2_00D75050 lstrlenA,VirtualAlloc,VirtualAlloc,CryptStringToBinaryA,_memset,lstrlenA,lstrlenA,VirtualAlloc,CryptStringToBinaryA,VirtualAlloc,MultiByteToWideChar,GetLastError,VirtualAlloc,VirtualFree,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError, |
Source: C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe |
Code function: 11_2_00D75540 VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenW,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe |
Code function: 11_2_00D77C60 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe |
Code function: 11_2_00D76000 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62540 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62541 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62542 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.6:62543 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:54905 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:54906 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:54907 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.6:54908 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:51532 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:51533 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:51534 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.6:51535 -> 8.8.8.8:53 |
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
|
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru |
|
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
|
Source: eW1QrimJYd.exe, type: SAMPLE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: eW1QrimJYd.exe, type: SAMPLE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 11.0.qvvfpl.exe.d70000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 11.0.qvvfpl.exe.d70000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 11.2.qvvfpl.exe.d70000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 11.2.qvvfpl.exe.d70000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 24.0.qvvfpl.exe.d70000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 24.0.qvvfpl.exe.d70000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 1.0.eW1QrimJYd.exe.a80000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 1.0.eW1QrimJYd.exe.a80000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 1.2.eW1QrimJYd.exe.a80000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 1.2.eW1QrimJYd.exe.a80000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 24.2.qvvfpl.exe.d70000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 24.2.qvvfpl.exe.d70000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe, type: DROPPED |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe, type: DROPPED |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: unknown |
Process created: C:\Users\user\Desktop\eW1QrimJYd.exe "C:\Users\user\Desktop\eW1QrimJYd.exe" |
|
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
|
Source: unknown |
Process created: C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe "C:\Users\user\AppData\Roaming\Microsoft\qvvfpl.exe" |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Global\pc_group=WORKGROUP&ransom_id=5432c2cfc05a5a97 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5276:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5964:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6324:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7040:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6736:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6820:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7164:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6260:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6540:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6448:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3572:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6156:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5460:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:492:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7108:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5380:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1432:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6932:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6428:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6168:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6640:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6380:120:WilError_01 |
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Source: C:\Windows\SysWOW64\nslookup.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru |
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\eW1QrimJYd.exe |
Process created: unknown unknown |